author | Jeremy Allison <jra@samba.org> | 2012-11-08 13:45:19 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2012-11-15 09:07:09 +0100 |
commit | 92292ac55144521824610a5d4b09f8dc1ff19a8a (patch) | |
tree | a1b9906d57954ac82a8e1bd892399eb41f5d7b34 | |
parent | 9a8d7ab3773e1d4d1981f8b45998d689180a4cbf (diff) | |
Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs.
Not caught by make test as it's an extreme edge case for strange
incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which
isn't tested in make test).
An incoming inheritable ACE entry containing only one permission,
WRITE_DATA, maps into a POSIX owner perm of "-w-", which violates
the principle that the owner of a file/directory can always read.
-rw-r--r-- | source3/smbd/posix_acls.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 646efa4b69c..65a77d4e574 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1359,7 +1359,11 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
 for (pace = *pp_ace; pace; pace = pace->next) {
 if (pace->type == SMB_ACL_USER_OBJ) {
- if (setting_acl && !is_default_acl) {
+ if (setting_acl) {
+ /*
+ * Ensure we have default parameters for the
+ * user (owner) even on default ACLs.
+ */
 apply_default_perms(params, is_directory, pace, S_IRUSR);
 }
 got_user = True;
@@ -1439,9 +1443,11 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
 pace->perms = pace_other->perms;
 }
- if (!is_default_acl) {
- apply_default_perms(params, is_directory, pace, S_IRUSR);
- }
+ /*
+ * Ensure we have default parameters for the
+ * user (owner) even on default ACLs.
+ */
+ apply_default_perms(params, is_directory, pace, S_IRUSR);
 } else {
 pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR);
 } |
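Review bot: The comment added in both hunks ("Ensure we have default parameters for the user (owner) even on default ACLs") does not name the invariant being enforced. Per the commit message the invariant is that the owner entry must never lose read access, so a comment such as `/* Owner must always keep read (S_IRUSR), including on default (inheritable) ACLs - bug #9236. */` would explain why `is_default_acl` no longer gates the `apply_default_perms()` call. Because that call takes `params`, it presumably also applies whatever mask or force bits the share configures, so the SMB_ACL_USER_OBJ entry of a default ACL may now carry more permission than the client sent; confirm that this is intended and that it is limited to the owner entry. The commit message says make test does not reach this path, so a regression test that sets a WRITE_DATA-only inheritable ACE and checks the resulting owner perms would keep the fix from regressing silently. The body of ensure_canon_entry_valid starts and ends outside both hunks, so the surrounding branch conditions and any remaining uses of `is_default_acl` cannot be checked from here.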